Paubox blog: HIPAA compliant email made easy

Is Appointlet HIPAA compliant?

Written by Sara Nguyen | January 29, 2021

Online scheduling software makes it easy for your patients to schedule an appointment with your healthcare organization. However, it can collect protected health information (PHI) that needs protection under HIPAA. Let's discuss Appointlet and whether it is compliant with HIPAA.

What is Appointlet?

Appointlet is online scheduling software that makes it easy for people to book appointments with you. It has features such as time zone conversion and calendar sync, and it can even accept payments.

Appointlet and the business associate agreement

Covered entities should be well aware that any third-party vendor they work with needs to sign a business associate agreement (BAA). This also includes any online scheduling software a healthcare provider uses. Appointlet is a business associate because it can collect PHI from patients. The collection, sharing, and storage of PHI need careful protection to stay in compliance with HIPAA. A BAA ensures that a business associate is following HIPAA security guidelines.

Appointlet doesn't mention that it is willing to sign a BAA. With no BAA, Appointlet is automatically not HIPAA compliant.

 

Appointlet and data security

One of the biggest security concerns with online scheduling software is integration with third-party apps like Google Calendar. Even if an online scheduler is HIPAA compliant, third-party integrations might not comply. Appointlet is an example of this problem: it doesn't have its own calendar, so you will have to sync appointments with third-party calendars. These calendars need to be set up for HIPAA compliance, including a separate BAA.

Appointlet stores information on servers located at Amazon's US-East facilities. While the database has a secure connection and encrypts all data, there's no formal policy on how long Appointlet will hold onto PHI. This could be another violation of HIPAA security rules.

Is Appointlet HIPAA compliant?

Appointlet is not HIPAA compliant. The online scheduler doesn't mention any willingness to sign a BAA, and there's no guarantee that it will follow HIPAA guidelines on protecting PHI.

 

Don't forget to have HIPAA compliant email

You should always confirm that your business associates comply with HIPAA, including your email providers. Sending HIPAA compliant email is key to protecting your patients' health information from cyber attacks. Paubox Email Suite Plus uses the latest security tools to ensure that every email you send is encrypted. Our robust inbound security tools protect against phishing, spam, viruses, and malware. We've also developed our patented ExecProtect feature to block display name spoofing emails from reaching your employees' inboxes. It can easily integrate with your current email provider, like Google Workspace or Microsoft 365. All emails are sent directly to your patients' inbox—no need for third-party apps or client portals.
 
Try Paubox Email Suite Plus for FREE today.